aboutsummaryrefslogtreecommitdiffstats
path: root/community/dnscrypt-proxy/config-full-paths.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/dnscrypt-proxy/config-full-paths.patch')
-rw-r--r--community/dnscrypt-proxy/config-full-paths.patch68
1 files changed, 52 insertions, 16 deletions
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index ac921892d7..b9eac807d4 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -1,9 +1,9 @@
diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
new file mode 100644
-index 0000000..347ada5
+index 0000000..ceb9308
--- /dev/null
+++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,465 @@
+@@ -0,0 +1,506 @@
+
+##############################################
+# #
@@ -47,6 +47,14 @@ index 0000000..347ada5
+max_clients = 250
+
+
++## Switch to a different system user after listening sockets have been created.
++## Note (1): this feature is currently unsupported on Windows.
++## Note (2): this feature is not compatible with systemd socket activation.
++## Note (3): when using -pidfile, the PID file directory must be writable by the new user
++
++# user_name = 'dnscrypt'
++
++
+## Require servers (from static + remote sources) to satisfy specific properties
+
+# Use servers reachable over IPv4
@@ -74,17 +82,23 @@ index 0000000..347ada5
+require_nofilter = true
+
+
-+
-+## Always use TCP to connect to upstream servers
++## Always use TCP to connect to upstream servers.
++## This can be can be useful if you need to route everything through Tor.
++## Otherwise, leave this to `false`, as it doesn't improve security
++## (dnscrypt-proxy will always encrypt everything even using UDP), and can
++## only increase latency.
+
+force_tcp = false
+
++
+## HTTP / SOCKS proxy
+## Uncomment the following line to route all TCP connections to a local Tor node
+## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
+
+# proxy = "socks5://127.0.0.1:9050"
+
++
++
+## How long a DNS query will wait for a response, in milliseconds
+
+timeout = 2500
@@ -107,7 +121,7 @@ index 0000000..347ada5
+
+## log file for the application
+
-+# log_file = '/var/log/dnscrypt-proxy.log'
++# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
+
+
+## Use the system logger (syslog on Unix, Event Log on Windows)
@@ -165,12 +179,28 @@ index 0000000..347ada5
+fallback_resolver = '9.9.9.9:53'
+
+
-+## Never try to use the system DNS settings; unconditionally use the
-+## fallback resolver.
++## Never let dnscrypt-proxy try to use the system DNS settings;
++## unconditionally use the fallback resolver.
+
+ignore_system_dns = false
+
+
++## Maximum time (in seconds) to wait for network connectivity before
++## initializing the proxy.
++## Useful if the proxy is automatically started at boot, and network
++## connectivity is not guaranteed to be immediately available.
++## Use 0 to disable.
++
++netprobe_timeout = 30
++
++
++## Offline mode - Do not use any remote encrypted servers.
++## The proxy will remain fully functional to respond to queries that
++## plugins can handle directly (forwarding, cloaking, ...)
++
++# offline_mode = false
++
++
+## Automatic log files rotation
+
+# Maximum log files size in MB
@@ -190,8 +220,9 @@ index 0000000..347ada5
+
+## Immediately respond to IPv6-related queries with an empty response
+## This makes things faster when there is no IPv6 connectivity, but can
-+## also cause reliability issues with some stub resolvers. In
-+## particular, enabling this on macOS is not recommended.
++## also cause reliability issues with some stub resolvers.
++## Do not enable if you added a validating resolver such as dnsmasq in front
++## of the proxy.
+
+block_ipv6 = false
+
@@ -249,9 +280,14 @@ index 0000000..347ada5
+cache_max_ttl = 86400
+
+
-+## TTL for negatively cached entries
++## Minimum TTL for negatively cached entries
++
++cache_neg_min_ttl = 60
++
++
++## Maximum TTL for negatively cached entries
+
-+cache_neg_ttl = 60
++cache_neg_max_ttl = 600
+
+
+
@@ -265,7 +301,7 @@ index 0000000..347ada5
+
+ ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+
-+ # file = '/var/log/query.log'
++ # file = '/var/log/dnscrypt-proxy/query.log'
+
+
+ ## Query log format (currently supported: tsv and ltsv)
@@ -291,7 +327,7 @@ index 0000000..347ada5
+
+ ## Path to the query log file (absolute, or relative to the same directory as the executable file)
+
-+ # file = '/var/log/nx.log'
++ # file = '/var/log/dnscrypt-proxy/nx.log'
+
+
+ ## Query log format (currently supported: tsv and ltsv)
@@ -326,7 +362,7 @@ index 0000000..347ada5
+
+ ## Optional path to a file logging blocked queries
+
-+ # log_file = '/var/log/blocked.log'
++ # log_file = '/var/log/dnscrypt-proxy/blocked.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
@@ -354,7 +390,7 @@ index 0000000..347ada5
+
+ ## Optional path to a file logging blocked queries
+
-+ # log_file = '/var/log/ip-blocked.log'
++ # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
@@ -382,7 +418,7 @@ index 0000000..347ada5
+
+ ## Optional path to a file logging whitelisted queries
+
-+ # log_file = '/var/log/whitelisted.log'
++ # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+
+
+ ## Optional log format: tsv or ltsv (default: tsv)
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-30 12:04:14 +0000